<?php
session_start();
// filename: upload.processor.php

// first let's set some variables

// make a note of the current working directory, relative to root.
$directory_self = str_replace(basename($_SERVER['PHP_SELF']), '', $_SERVER['PHP_SELF']);

// make a note of the directory that will recieve the uploaded files
$uploadsDirectory = $_SERVER['DOCUMENT_ROOT'] . $directory_self . '../Bildgalleri/paintings/';

// make a note of the location of the upload form in case we need it
$uploadForm = 'http://' . $_SERVER['HTTP_HOST'] . $directory_self . 'uploadForm.php';

// make a note of the location of the success page
$uploadSuccess = 'http://' . $_SERVER['HTTP_HOST'] . $directory_self . 'uploadSuccess.php';

// name of the fieldname used for the file in the HTML form
$fieldname = 'file';



// Now let's deal with the upload

// possible PHP upload errors
$errors = array(1 => 'php.ini max file size exceeded',
                2 => 'html form max file size exceeded',
                3 => 'file upload was only partial',
                4 => 'no file was attached');

// check the upload form was actually submitted else print form
isset($_POST['submit'])
	or error('the upload form is needed', $uploadForm);

// check for standard uploading errors
($_FILES[$fieldname]['error'] == 0)
	or error($errors[$_FILES[$fieldname]['error']], $uploadForm);

// check that the file we are working on really was an HTTP upload
//@is_uploaded_file($_FILES[$fieldname]['tmp_name'])
//	or error('not an HTTP upload', $uploadForm);

// validation... since this is an image upload script we
// should run a check to make sure the upload is an image
@getimagesize($_FILES[$fieldname]['tmp_name'])
	or error('only image uploads are allowed', $uploadForm);

// make a unique filename for the uploaded file and check it is
// not taken... if it is keep trying until we find a vacant one
$now = time();
while(file_exists($uploadFilename = $uploadsDirectory.$now.'-'.$_FILES[$fieldname]['name']))
{
    
    $now++;
        
}
$imagename = ($_FILES[$fieldname]['name']);
$imageURL = "$now-$imagename";

// now let's move the file to its final and allocate it with the new filename
@move_uploaded_file($_FILES[$fieldname]['tmp_name'], $uploadFilename)
	or error('receiving directory insuffiecient permission', $uploadForm);
// $_FILES[$fieldname]['name'] verkar vara namnet på bilden man laddar upp

// If you got this far, everything has worked and the file has been successfully saved.
// We are now going to redirect the client to the success page.
header('Location: ' . $uploadSuccess);

// make an error handler which will be used if the upload fails
function error($error, $location, $seconds = 5)
{
	header("Refresh: $seconds; URL=\"$location\"");
	echo '<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"'."\n".
	'"http://www.w3.org/TR/html4/strict.dtd">'."\n\n".
	'<html lang="en">'."\n".
	'	<head>'."\n".
	'		<meta http-equiv="content-type" content="text/html; charset=iso-8859-1">'."\n\n".
	'		<link rel="stylesheet" type="text/css" href="stylesheet.css">'."\n\n".
	'	<title>Upload error</title>'."\n\n".
	'	</head>'."\n\n".
	'	<body>'."\n\n".
	'	<div id="Upload">'."\n\n".
	'		<h1>Upload failure</h1>'."\n\n".
	'		<p>An error has occured: '."\n\n".
	'		<span class="red">' . $error . '...</span>'."\n\n".
	'	 	The upload form is reloading</p>'."\n\n".
	'	 </div>'."\n\n".
	'</html>';
	exit;
        }
$hostname="localhost";
$username="root";
$password="";
$database="db_dinkonst";
mysql_connect($hostname,$username,$password);
@mysql_select_db($database) or die( "Unable to select database");


$user = $_SESSION['myusername'];

$result = mysql_query("select user_id from users where username ='$user'");
 while($row = mysql_fetch_assoc($result)) {
	$user_id = $row["user_id"];
	}

$subcategory=$_POST['subcategory'];

$result = mysql_query("select subCategory_id from subCategory where subCategoryName ='$subcategory'");
 while($row = mysql_fetch_assoc($result)) {
	$subcategory_id = $row["subCategory_id"];
	}

$titel=$_POST['titel'];
$beskrivning=$_POST['beskrivning'];
$pris=$_POST['pris'];
$hojd=$_POST['hojd'];
$bredd=$_POST['bredd'];
$imageURL = $imageURL;



//Connnects to database




$query = "INSERT INTO items VALUES ('$user_id','0','$titel','$beskrivning','$pris', '0',
        '0', '$imageURL', '$hojd','$bredd')";
mysql_query($query);

// This is a very ugly solution to make the timestamp work. For some reason it is not possible to
// get a timestamp on creation. Only when you update an item, thats why i update it directly.
$query = "UPDATE items
          SET status = '1'
          where pictureURL = '$imageURL'
            ";
mysql_query($query);

// Hämtar det nyligen skapade item_id

$result = mysql_query("select item_id from items where pictureURL ='$imageURL'");
 while($row = mysql_fetch_assoc($result)) {
	$item_id = $row["item_id"];
	}

$query = "INSERT INTO item_subCategory VALUES ('$item_id','$subcategory_id')";
mysql_query($query);

mysql_close();

?>